OpenStack Keystone extension to enable OAuth 2.0.
To install this extension in Keystone, you have to do the following:
-
Place the
oauth2folder inside thekeystone/contribfolder in your Keystone project. -
Place the files in
tests/inside thekeystone/testsfolder in your Keystone project. -
This extension implements an auth plugin. You need to add the
plugins/oauth2.pymodule to thekeystone/auth/pluginsfolder in your Keystone project.The files inside the
configfolder contain everything you need to add to your Keystone settings files (etc/keystone.confandetc/keystone-paste.ini). If you are an experienced user, you can check those files and skip steps 4-6. Should you prefer to set up everything step by step, please read on. -
Since this extension is augmenting a pipeline (see Keystone docs for more info), a corresponding
filter:section is necessary to be introduced in youretc/keystone-paste.inifile. Just place the following:[filter:oauth2_extension] paste.filter_factory = keystone.contrib.oauth2.routers:OAuth2Extension.factory -
In order for the extension to work, it must be placed in the
pipeline. -
Edit the
[auth]section in yourkeystone.conffile (the one placed in theetcfolder in your Keystone project), to include OAuth 2.0 auth method, just like this:# Default auth methods. (list value) methods=external,password,token,oauth2
At the end of the section you have to add this:
# The oauth2 plugin module (string value) oauth2=keystone.auth.plugins.oauth2.OAuth2 -
Finally, you need to define new policies in your
policy.jsonfile (the one placed in theetcfolder in your Keystone project) for the following targets:identity:list_authorization_codes identity:revoke_access_token identity:request_authorization_code
The file config/policy.json contains default values you can use, as well as other required policies which Keystone should include by default.